Member Sign In
Not a member?

A Wired.com user account lets you create, edit and comment on Webmonkey articles. You will also be able to contribute to the Wired How-To Wiki and comment on news stories at Wired.com.


It's fast and free.

Sign in with OpenID
Sign In
Webmonkey is a property of Wired Digital.
processing...
Join Webmonkey
Please send me occasional e-mail updates about new features and special offers from Wired/Webmonkey.
Yes No
Please send occasional e-mail offers from Wired/Webmonkey affiliated web sites and publications, and carefully selected companies.
Yes No
I understand and agree that registration on or use of this site constitutes agreement to Webmonkey's User Agreement and Privacy Policy.
Webmonkey is a property of Wired Digital.
processing...

Retrieve Sign In

Please enter your e-mail address or username below. Your username and password will be sent to the e-mail address you provided us.

or
Webmonkey is a property of Wired Digital.
processing...

Welcome to Webmonkey

A private profile page has been created for you.
As a member of Webmonkey, you can now:
  • edit articles
  • add to the code library
  • design and write a tutorial
  • comment on any Webmonkey article
Close
Webmonkey is a property of Wired Digital.

Sign In Information Sent

An e-mail has been sent to the e-mail address registered in this account.
If you cannot find it in your in-box, please check your bulk or junk folders.
Sign In
Webmonkey is a property of Wired Digital.

Quicktime Flaw Makes Windows Vulnerable to Attack

By Scott Gilbertson April 28, 2008 Categories: Operating Systems, Web Basics

GNUCitizen, a security think tank, has apparently discovered a new flaw in Apple’s QuickTime multimedia player. The new vulnerability can be exploited to compromise PCs running Windows Vista SP1 and XP SP2. Although details are a bit thin at the moment, the GNUCitizen blog has published a movie purporting to show the attack in action.

If you watch the film above (might want to mute that techno soundtrack if that’s not your bag) you’ll see that the attack uses a maliciously crafted file, which, when opened, begins to spawn its own processes. The file used in the movie opens applications like Paint, Calculator and Notepad (or at least that’s what it looks like is happening).

The flaw was discovered by Petko D. Petkov who has previously published flaws in QuickTime, Gmail and PDF files. The GNUCitizen blog says that Apple will be notified, but so far the company not responded.

Petkov hasn’t released the details of the vulnerability pending a response from Apple. For the time being there’s probably no need to worry. It’s extremely unlikely that this vulnerability is in the wild, but, as with any file you download, use caution when opening media files from sources you don’t know.

[via PC World]

See Also:

Tags: Windows
Post Comment Comments Permalink Print
Reddit Digg
 
Subscribe now

Special Offer For Webmonkey Users

WIRED magazine:
The first word on how technology is changing our world.

Subscribe for just $10 a year